[ecs-patterns] Make sslPolicy configurable with ApplicationLoadBalancedFargateService

[cicchiel]

When adding an ApplicationListener to an ApplicationLoadBalancer the sslPolicy can be configured. However when using an ApplicationLoadBalancedFargateService or an ApplicationLoadBalancedEc2Service the construct automatically adds the listener and there is no option to configure the sslPolicy.

I worked around this feature gap by extending ApplicationLoadBalancer and overriding the addListener method to add the sslPolicy flag but this should be an option in an ApplicationLoadBalancedService

Use Case

Be able to configure the ApplicationLoadBalancer in an ApplicationLoadBalancedFargateService to use a different sslPolicy such as only allowing TLS1.2 connections

Proposed Solution

Add the sslPolicy property to ApplicationLoadBalancedServiceBaseProps and use the property when calling loadBalancer.addListener in ApplicationLoadBalancedServiceBase

Other

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

---

This is a 🚀 Feature Request

[rcollette]

This is an issue for us right now because the default SSL policy includes TLS1.1.

@iamhopaul123

[iamhopaul123]

Hello @rcollette, the use case is valid but even if we expose sslPolicy as a property the other listener properties remains out of control for users. I think #11841 would be the one we need to address instead of this one. Once we are able to address #11841 this one can be closed as well.